<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Hello everyone,</p>
<p>I am having problems getting an ip range over a tunnel that i
want. And don't see what i do wrong...<br>
</p>
<p>I have setup the following where MS1 and V1 are under my control:<br>
windows host (MS1) -> vpn server (<i>V1</i>) =tunnel= vpn
server (V2) -> win hosts ( x.64.48.41 (MS2) and x.64.51.113
(MS3) )<br>
conn A<br>
left=<ext ip><br>
right=<ext ip><br>
leftsubnet=10.33.3.0/24<br>
rightsubnet=x.64.48.0/21<br>
and the rest</p>
<p>The tunnel comes up fine. I can send a ping to x.64.48.41 from
MS1. But fail to ping MS3.<br>
I bring down the tunnel and start a ping MS3. Bring up the tunnel
and ping reply is fine. But now i fail to ping MS2. Doing the same
reverses everything al the time. So it seams the the first ping
that comes trough gets to be working. And gets to add the route.<br>
</p>
<p>table 220 gives me:<br>
x.64.48.0/21 via <ext ip> dev ens18 proto static src
10.33.3.254<br>
x.64.48.41 via <ext ip> dev ens18 proto static src
10.33.3.254<br>
and got ping to MS2 working.</p>
<p>I tried adding<br>
x.64.51.113 via <ext ip> dev ens18 proto static src
10.33.3.254</p>
<p>But the packages don't seem to be send in to the tunnel. They do
arrive at V1 from MS1. I don't get why Strongswan add 2 routes to
the table even the ip is included in the subnet.<br>
</p>
<p>-----------------------------------------<br>
I tried a setup with two other setup's but also never both pings
working:<br>
--------<br>
rightsubnet=x.64.48.41/32,x64.51.113/32 But with the same result.<br>
--------<br>
</p>
<p>and:<br>
--------<br>
Conn A<br>
rightsubnet=x.64.48.41/32</p>
<p>Conn BA<br>
also=A<br>
rightsubnet=x.64.51.113/32<br>
--------</p>
<p>Hope someone can make me a bit smarter and explain and solve my
problem. Tried to keep al the ip's as real as possible so hope all
is clear enough.</p>
<p>Kind rgds, Ben</p>
</body>
</html>